Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2012-4899

    WellinTech KingView 6.5.3 and earlier uses a weak password-hashing algorithm, which makes it easier for local users to discover credentials by reading an unspecified file.... Read more

    Affected Products : kingview
    • Published: Oct. 10, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-3079

    The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to bypass authorization checks and visit unspecified URLs with license-usage data via a DESCRIBE clause in a SPARQL qu... Read more

    Affected Products : rational_license_key_server
    • Published: Sep. 10, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2007-3372

    The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.... Read more

    Affected Products : avahi
    • Published: Jun. 22, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-2960

    cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.... Read more

    Affected Products : debian_linux cfengine
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3111

    The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.... Read more

    Affected Products : backupninja
    • Published: Sep. 30, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2016-0446

    Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality via unknown vectors related to Agent Next Gen.... Read more

    • Published: Jan. 21, 2016
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2014-0200

    The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the f... Read more

    Affected Products : rhevm-reports
    • Published: May. 29, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-6109

    The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows... Read more

    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-3291

    arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service (skipped NMI) by modifying the rsp register, issui... Read more

    Affected Products : linux_kernel
    • Published: Aug. 31, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-4865

    Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to Business Objects - BC4J.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2015-6252

    The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.... Read more

    Affected Products : linux_kernel
    • Published: Oct. 19, 2015
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2011-3435

    Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users to read the password data of arbitrary users via unspecified vectors.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Oct. 14, 2011
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2007-4153

    Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_ur... Read more

    Affected Products : wordpress
    • Published: Aug. 03, 2007
    • Modified: Apr. 09, 2025

  • 2.1

    LOW
    CVE-2005-0756

    ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on the amd64 platform, which allows local users to cause a denial of service (kernel crash).... Read more

    Affected Products : linux_kernel
    • Published: Jun. 08, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2739

    Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Nov. 01, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2011-4110

    The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully... Read more

    Affected Products : linux_kernel
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2010-1123

    Chip Salzenberg Deliver does not properly associate a lockfile with the user who created the file, which allows local users to cause a denial of service (blockage of incoming e-mail) by creating lockfiles for arbitrary mailboxes.... Read more

    Affected Products : deliver
    • Published: Mar. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2014-3099

    Unspecified vulnerability in the Security component in IBM Systems Director 6.3.0 through 6.3.5 allows local users to obtain sensitive information via unknown vectors.... Read more

    Affected Products : systems_director
    • Published: Dec. 06, 2014
    • Modified: Apr. 12, 2025

  • 2.1

    LOW
    CVE-2010-1530

    Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1)... Read more

    Affected Products : drupal i18n
    • Published: Apr. 26, 2010
    • Modified: Apr. 11, 2025

  • 2.1

    LOW
    CVE-2013-0227

    Cross-site scripting (XSS) vulnerability in the Search API Sorts module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain roles to inject arbitrary web script or HTML via unspecified field labels.... Read more

    Affected Products : drupal search_api_sorts
    • Published: Mar. 19, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293407 Results